UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

A technique for using employee perception of security to support usability diagnostics

Parkin, S; Epili, S; (2015) A technique for using employee perception of security to support usability diagnostics. In: 2015 Workshop on Socio-Technical Aspects in Security and Trust (STAST). (pp. pp. 1-8). IEEE: Verona, Italy. Green open access

[thumbnail of Parkin_A Technique for using Employee Perception of Security to Support Usability Diagnostics _2.pdf]
Preview
Text
Parkin_A Technique for using Employee Perception of Security to Support Usability Diagnostics _2.pdf

Download (462kB) | Preview

Abstract

Problems of unusable security in organisations are widespread, yet security managers tend not to listen to employees' views on how usable or beneficial security controls are for them in their roles. Here we provide a technique to drive management of security controls using end-user perceptions of security as supporting data. Perception is structured at the point of collection using Analytic Hierarchy Process techniques, where diagnostic rules filter user responses to direct remediation activities, based on recent research in the human factors of information security. The rules can guide user engagement, and support identification of candidate controls to maintain, remove, or learn from. The methodology was incorporated into a prototype dashboard tool, and a preliminary validation conducted through a walk-through consultation with a security manager in a large organisation. It was found that user feedback and suggestions would be useful if they can be structured for review, and that categorising responses would help when revisiting security policies and identifying problem controls.

Type: Proceedings paper
Title: A technique for using employee perception of security to support usability diagnostics
Event: 2015 Workshop on Socio-Technical Aspects in Security and Trust (STAST)
Open access status: An open access version is available from UCL Discovery
DOI: 10.1109/STAST.2015.9
Publisher version: http://dx.doi.org/10.1109/STAST.2015.9
Language: English
Additional information: Copyright © 2015 IEEE.
Keywords: analytic hierarchy process, human factors of security, information security, security policies
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/1473629
Downloads since deposit
105Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item